Research On Reactive Fail-Safety For Train Control Safety Computer

With the rapid development of railway network and urban rail transit in our country,the requirements of safety and real-time performance in train control systems are increasing.The train control safety computer is responsible for the verification and voting of the input and output data of train control system,it ensures the safety of train control system by a large number of fail-safety designs in software and hardware,but the real-time performance is also reduced to some extent.In this paper,the reactive fail-safety technology in EN50129 is introduced,the overall architecture of train control safety computer and the design of each module are optimized.Firstly,the common architecture of train control safety computer is analyzed by reliability theory,a variety of error detection and fault tolerance techniques for software and hardware are listed,and the technical characteristics of three fail-safety methods applicable to railway safe-critical systems are compared.On this basis,the applicability of reactive fail-safety in the hardware and software of train control safety computer is discussed and its application form on the double two vote of two safety computer platform is expounded.Secondly,according to the technical characteristics of reactive fail-safety,combined with the technical requirements of the safety-critical system standards,aiming at the shortcomings of the current train control safety computer in our laboratory,an optimization design of the software and hardware in train control safety computer is proposed.On the whole architecture,to solve the problem that the data forwarding between the intermal modules of safety computer is too frequent,the connection of fault-tolerant safety management unit,the communication control unit and the safety input/output unit are re-adjusted.In the verification mechanism,the hardware architecture of each verification unit is unified by the combination of reactive fail-safety and composite fail-safety,the process of verification and voting in software is simplified and the efficiency of data verification is improved.In the communication architecture,the communication speed in safety computer are improved by the combination of low voltage differential signaling(LVDS)and optical fiber communication;the communication expansion ability of safety computer is improved by binary exponential back-off algorithm(BEB);and the data scheduling mode is optimized by packing algorithm.In the monitoring mechanism,power supply,global clock and chip state of processing units are monitored in various forms,which improves the safety.Finally,the optimization effect of reactive fail-safety design is verified by formal verification,hardware design and software simulation.Firstly,the method of model check is used to verify the state transition relationship of fail-safety management mechanism under the optimized architecture,and the NuSMV tool is used for formal verification.Secondly,the safety of the new verification mechanism is verified under normal and fault conditions by test cases.Thirdly,the design of LVDS optical fiber communication is verified by designing optical fiber communication test board,fault-tolerant safety board and communication control board.The expansion strategy and scheduling algorithm are verified by software simulation and hardware test.The test results show that the optimized design combined with reactive fail-safety can effectively complete the error detection and shutdown,shorten the data verification cycle of each module,and greatly improve the internal data communication speed and communication expansion ability.Overall,the optimization design meets the design requirements and the functional requirements of reactive fail-safety,which can improve the real-time of train control safety computer.Figure 74,Table 6,53 References.